by leni536 3986 days ago
How is PDF not as transparent as any other open binary format (though PDF is more like mixed)?

Edit:

> Maybe a more transparent document format would help (does not even exist).

I don't know if more transparent, but DjVu exists for scanned documents. PostScript also exists but I would doubt that it's safer than PDF.

1 comments

I am aware that the PDF specification is open. However, PDF does a lot of things and is somewhat complex. I argue more than is needed for transmitting documents. Can you personally verify that a given PDF does nothing malicious?
Can you personally verify that a given jpeg does nothing malicious? Same thing, you trust (or not) your reader and its parser and hope it doesn't have any remote code execution vulnerability. Or you stop reading PDF files and stop viewing images.
Nope, I can't. In reality, how many exploits have actually been contained in JPEGs vs PDF though?
That's another question. Parsers of multimedia formats often have nasty vulnerabilities though. The most vulnerable part of PDF readers is the handling of embedded JavaScript. It can be easily evaded by using a viewer that doesn't implement the JavaScript functionalities of PDF; most files don't use it anyway.
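Added example, not part of the thread or written by any commenter: a minimal Python triage that checks whether a PDF declares embedded JavaScript or automatic actions, the feature the last comment singles out. It scans raw bytes for the PDF name keys `/JS`, `/JavaScript`, `/OpenAction`, `/AA` and `/Launch`, decodes `#xx` name escapes, and reports "inconclusive" when object streams or encryption could hide those names; the function names and the sample byte strings are constructed for illustration.

```python
import re

# PDF name keys tied to active content (names defined by the PDF specification).
ACTIVE = {"JS", "JavaScript", "OpenAction", "AA", "Launch"}
# Containers a raw byte scan cannot see into: compressed object streams, encryption.
OPAQUE = {"ObjStm", "Encrypt"}

# A name is "/" followed by regular characters; "#xx" is a hex-escaped byte.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\f\r ()<>\[\]{}/%#])+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#53 is recognised as /JS."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage(data: bytes) -> dict:
    """Classify raw PDF bytes by the active-content names they declare."""
    counts = {}
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name in ACTIVE or name in OPAQUE:
            counts[name] = counts.get(name, 0) + 1
    active = sorted(n for n in counts if n in ACTIVE)
    opaque = sorted(n for n in counts if n in OPAQUE)
    if active:
        verdict = "active-content"
    elif opaque:
        verdict = "inconclusive"  # names may sit inside compressed or encrypted objects
    else:
        verdict = "no-active-content-seen"
    return {"verdict": verdict, "active": active, "opaque": opaque}

# Constructed sample inputs (fragments, not complete PDF files).
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /S /J#61vaScript /J#53 (placeholder) >>\nendobj\n")
PACKED = (b"%PDF-1.5\n4 0 obj\n<< /Type /ObjStm /N 2 /First 10 /Length 4 >>\n"
          b"stream\n....\nendstream\nendobj\n")

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("scripted", SCRIPTED), ("packed", PACKED)):
        print(label, triage(sample))
```

A "no-active-content-seen" result only means no script or auto-action names are declared in the clear; it says nothing about parser bugs in the viewer, which is the trust question the thread raises.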